diff --git a/op_test.sh b/op_test.sh index 6bcb196..cb160e6 100755 --- a/op_test.sh +++ b/op_test.sh @@ -38,16 +38,20 @@ init () ROOT_DIR="$(pwd)" WORK_DIR="$ROOT_DIR/easyrsa3" TEMP_DIR="$WORK_DIR/temp" + IGNORE_TEMP=$((IGNORE_TEMP)) - if [ -d "$TEMP_DIR" ] + if [ -d "$TEMP_DIR" ] && [ $IGNORE_TEMP -eq 0 ] then print "Aborted! Temporary directory exists: $TEMP_DIR" exit 1 + else + [ $IGNORE_TEMP -eq 1 ] && rm -rf "$TEMP_DIR" && print "NOTICE: Deleted $TEMP_DIR" fi DIE="${DIE:-1}" S_ERRORS=0 T_ERRORS=0 + DELAY=${DELAY:-1} VERBOSE="${VERBOSE:-0}" VVERBOSE="${VVERBOSE:-0}" SHOW_CERT="${SHOW_CERT:-0}" @@ -164,8 +168,7 @@ verb_off () wait_sec () { - delay=$(( ${1:-3} )) - ( sleep $delay 2>/dev/null ) || { ( ping -n 1 127.0.0.1 2>/dev/null ) && ping -n $delay 127.0.0.1; } + ( sleep $DELAY 2>/dev/null ) || { ( ping -n 1 127.0.0.1 2>/dev/null ) && ping -n $DELAY 127.0.0.1; } } setup () @@ -277,25 +280,33 @@ create_req () export EASYRSA_REQ_CN="maximilian" STEP_NAME="build-ca nopass subca" action - [ -f "$EASYRSA_PKI/reqs/ca.req" ] && REQ_ca="$EASYRSA_PKI/reqs/ca.req" + [ -f "$EASYRSA_PKI/reqs/ca.req" ] && mv "$EASYRSA_PKI/reqs/ca.req" "$EASYRSA_PKI/reqs/maximilian.req" export EASYRSA_REQ_CN="specter" STEP_NAME="gen-req $EASYRSA_REQ_CN nopass" action secure_key - [ -f "$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" ] && REQ_server="$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" export EASYRSA_REQ_CN="meltdown" STEP_NAME="gen-req $EASYRSA_REQ_CN nopass" action secure_key - [ -f "$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" ] && REQ_client="$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" export EASYRSA_REQ_CN="heartbleed" STEP_NAME="gen-req $EASYRSA_REQ_CN nopass" action secure_key - [ -f "$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" ] && REQ_serverClient="$EASYRSA_PKI/reqs/$EASYRSA_REQ_CN.req" + + # SAN will be lost + #verb_on + export EASYRSA_REQ_CN="VORACLE" + STEP_NAME="--subject-alt-name='DNS:www.example.org,IP:0.0.0.0' gen-req $EASYRSA_REQ_CN nopass" + action + secure_key + + STEP_NAME="show-req $EASYRSA_REQ_CN nopass" + action + #verb_off unset EASYRSA_REQ_CN unset EASYRSA_BATCH @@ -379,13 +390,7 @@ build_san_full () import_req () { - case "$REQ_type" in - ca) REQ_file="$REQ_ca" ;; - server) REQ_file="$REQ_server" ;; - client) REQ_file="$REQ_client" ;; - serverClient) REQ_file="$REQ_serverClient";; - *) DIE=1 die "Unknown certificate type $REQ_type" ;; - esac + REQ_file="$TEMP_DIR/pki-req/reqs/$REQ_name.req" # Note: easyrsa still appears to work in batch mode for this action ? export EASYRSA_BATCH=0 @@ -395,6 +400,15 @@ import_req () export EASYRSA_BATCH=1 } +show_req () +{ + STEP_NAME="show-req $REQ_name" + [ $((SHOW_CERT)) -eq 1 ] && SHOW_CERT_ONLY=1 + action + newline + unset SHOW_CERT_ONLY +} + sign_req () { newline 1 @@ -473,7 +487,7 @@ create_pki () REQ_name="s01" build_full show_cert - wait_sec 3 + wait_sec $DELAY renew_cert show_cert revoke_cert @@ -482,7 +496,7 @@ create_pki () REQ_name="s02" build_san_full show_cert - wait_sec 3 + wait_sec $DELAY renew_cert show_cert revoke_cert @@ -491,7 +505,7 @@ create_pki () REQ_name="s03" build_full show_cert - wait_sec 3 + wait_sec $DELAY renew_cert show_cert revoke_cert @@ -500,7 +514,7 @@ create_pki () REQ_name="s04" build_san_full show_cert - wait_sec 3 + wait_sec $DELAY renew_cert show_cert revoke_cert @@ -509,7 +523,7 @@ create_pki () REQ_name="c01" build_full show_cert - wait_sec 3 + wait_sec $DELAY renew_cert show_cert revoke_cert @@ -528,6 +542,14 @@ create_pki () show_cert revoke_cert + # SAN is lost. + REQ_type="serverClient" + REQ_name="VORACLE" + import_req + sign_req + show_cert + revoke_cert + REQ_type="client" REQ_name="meltdown" import_req @@ -558,6 +580,12 @@ create_pki () show_cert revoke_cert + REQ_type="serverClient" + REQ_name="VORACLE" + sign_req + show_cert + revoke_cert + REQ_type="client" REQ_name="meltdown" sign_req